1. Field of the Invention
This invention relates to the field of data processing systems. More particularly, this invention relates to data processing systems in which a plurality of machines are connected together via a network.
2. Description of the Prior Art
In many known computer networks, a person wishing to connect to such a network makes a DHCP (dynamic host configuration protocol) request for an IP address to any of the network's DHCP servers. The DHCP server leases IP addresses to machines on demand. The IP address leased is based on the range that is configured within the DHCP server settings. For example, an IP address may be made up of four elements, three of the elements being used to represent a particular office location, so that the router can tell where the machine is, and the fourth element distinguishing the actual machine from the other machines. Thus, in this example there would potentially be 256 possible addresses per office. In reality, some of these addresses may be reserved and used exclusively for a particular task, a gateway (such as a router), for example, could always end in a .252 address and a DHCP server could always end with a .10 address. The remaining addresses are allocated on demand to machines wishing to connect to the network.
On receipt of an IP address request the DHCP server replies by asking the machine making the request its name. If it has a name corresponding to an IP address that no other machine is using at present, then the DHCP server gives this IP address back to the machine, if not, an unused addresses is allocated. The DHCP server leases these IP addresses and when a machine disconnects from the network, the address is “given back” to the DHCP server so that it can be allocated to another machine trying to connect to the network.
In this known system, the DHCP server does not make any check on the user credentials at the time of the request, the responsibility of authentication is left to the network operating systems.
A current process of authenticating a user within, for example, the Microsoft™ NT Networking design does not allow an administrator to validate “what or who” has access to the network, it rather controls access to network resources. For example, a third party consultant with a laptop computer can simply request an IP address from a DHCP server on the network, and be provided with an address based on the network location to which the request came. Of course, once an IP address has been provided to the consultant he/she can now attempt to ‘logon’ to the network in the traditional way. Our consultant may not know of a user account to authenticate to the network, and proceeds to connect to the network by logging into the laptop locally. Even though the consultant has no access to network resources he/she is still capable of ‘sniffing’ (packet capturing) data from the corporate network, and can also connect to resources which require ‘null’ access (null session shares etc.).